Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
GitHub denies getting hacked
#1
https://www.zdnet.com/article/github-den...ng-hacked/        GitHub denies getting hacked
Someone attached a copy of the GitHub Enterprise Server source code to GitHub's DMCA section, but the GitHub CEO said they mistakenly leaked that code months ago.

Catalin Cimpanu
By Catalin Cimpanu for Zero Day | November 5, 2020 -- 14:06 GMT (06:06 PST) | Topic: Security        GitHub has denied rumors today of getting hacked after a mysterious entity shared what they claimed to be the source code of the GitHub.com and GitHub Enterprise portals.

The "supposed" source code was leaked via a commit to GitHub's DMCA section.

The commit was also faked to look like it originated from GitHub CEO Nat Friedman.

But in a message posted on YCombinator's Hacker News portal, Friedman denied that it was him and that GitHub got hacked in any way.

Friedman said the "leaked source code" didn't cover all of GitHub's code but only the GitHub Enterprise Server product. This is a version of GitHub Enterprise that companies can run on their own on-premise servers in case they need to store source code locally for security reasons but still want to benefit from GitHub Enterprise features.

Friedman said this source code had already leaked months before due to its own error when GitHub engineers accidentally "shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers."  Friedman promised that GitHub was going to fix the two bugs exploited by the leaker and prevent unauthorized parties from attaching their code to other people's projects via faked identities.

"In summary: everything is fine, situation normal, the lark is on the wing, the snail is on the thorn, and all's right with the world," Friedman said.

NOT THE FIRST TIME
But this is not the first time that this happened on GitHub.

One of the two bugs was used just days earlier when a security researcher attached the source code of the youtube-dl library to GitHub's DMCA section.

The security researcher's gesture came as a form of protest after GitHub decided to honor a suspicious DMCA takedown request against the youtube-dl library from music recording industry group RIAA.    While the mystery leaker never explained their actions, it is believed that the person who leak the GitHub Enterprise Server code was also protesting against GitHub's decision to honor RIAA's DMCA request and take down youtube-dl, a project that lets users download raw audio and video files from YouTube and other services — which RIAA argued was heavily used to pirate its songs catalog.

For the past week, hundreds of other users have been re-uploading the youtube-dl code on their own accounts and daring RIAA to send them a DMCA request too. GitHub has warned users not to do so, as they risk getting banned by its automated systems.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  TikTok denies security breach after hackers leak user data, source code tarekma7 0 2,101 09-06-2022 , 10:19 AM
Last Post: tarekma7
  we removed all cookie banners from GitHub! mrtrout 0 1,050 12-18-2020 , 04:08 AM
Last Post: mrtrout
  Google Chrome 79 crashing on Linux with NOD32 installed, ESET denies responsibility dhruv2193 0 1,816 01-21-2020 , 12:29 PM
Last Post: dhruv2193
  Reliance Jio Customers' Data Allegedly Hacked – Company Denies Breach LowcyGier 0 2,281 07-12-2017 , 08:04 PM
Last Post: LowcyGier



Users browsing this thread: 1 Guest(s)